Re: troj/rustock

Post by ddavydenko on Sun 04 Jan 2009, 8:45 am

I tried this method on my Vista SP1 - it worked out great! But it has some differences in workflow. Here they are:
- name of that driver file was slightly different (4 or 5 last letters were different);
- during avenger run system reboots twice (second time it does by itself - user has nothing to do about that);
- after avenger I ran MBAM again (just to make sure there is no malware anymore) and found out that the file itself is still there but it is not running (I guess because the service was removed already), so I made MBAM remove this file once again and that was it - one more run of MBAM confirmed the system is clear.

Here are also some notes about what this malware does and how it behaves:
- seems this stuff is kinda smart: every time I tried to run an antivirus which could destroy it - that antivirus was not able to update its virus definition DB and hence was not able to recognize this malware.
- some programs were crashing into a blue screen (like MS Visual Studio 2008), which tells me that again this stuff tries to prevent everything that could destroy it from running.
- I was even not able to open some links in the browser that contain the name of it (rustok-N).

P.S. And of course I cannot help but say "THANK YOU" to Belahzur, who's done a great job explaining the fix procedure step by step. I have not seen too many professionals over the net who are capable of actually helping someone remotely. Once again, great job!



Posts : 1
Joined : 2009-01-03
Operating System : MS Vista SP1


Re: troj/rustock

Post by Belahzur on Sun 04 Jan 2009, 8:49 am

Split off post.
So this machine is now clean?

Glad I could help, but please note:

Tools that were posted to be run by other users may not have the same effect on your machine and may damage it. That's why, under the avenger script, it says "This code is made for this user".



Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: troj/rustock

Post by Doctor Inferno on Sat 21 Feb 2009, 9:01 pm

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Doctor Inferno
The GeekPolice


Posts : 12017
Joined : 2007-12-27
Operating System : Windows 7 Home Premium and Ultimate X64
